Add and manage groups of users for your organization in VMware Aria Automation for Secure Clouds

Groups offer a convenient way to assign identical permissions to multiple users at once. This is useful if your organization includes multiple teams with common access needs.

1. From the CSP dashboard, navigate to Identity & Access Management > Groups.
2. Click Add Groups.
3. Choose Create a new group, then select continue.
4. Specify a group name and description.
5. If you have multiple organizations, you can click +Add Organizations to share this group across them. The group is automatically associated with organization you're logged into when creating it.
6. Click +Add Members and enter the email addresses of the users you want added to the group when it's created.
7. Choose organization and service roles as necessary, then select Create.

You can refer to this image as a guide when creating a group.

In this case, the group has been created with viewer access to the VMware Aria Automation for Secure Clouds organization. Any user who is added to the group automatically inherits the same permissions.

Project access for groups

You can grant a group access to a project the same way you would for a user. Refer to the Manage users section for more details.

Remember that any assigned organization permissions inherit for all projects, so you only need to assign project access to a group that has no organization permissions or needs more access to a given project than what is already provided by existing organization permissions.

Modify group roles

If necessary, you can change permissions for a group after initial setup. For example, you can follow these steps to remove a group's organization viewer role while retaining any project access it has.

1. From the CSP dashboard, navigate to Identity & Access Management > Active Users.

2. Search for the group and click the double arrow icon next to the name to expand their role. If you see (Limited) next to the service role, it means the group has project access. If the service role does not have a limited label, then the group has organization access.

   

3. Click Edit Roles.

4. Remove the service role and click Save.